GNU Octave update

8 replies [Last post]
CriGrape
Offline
Joined: 04/08/2019

Hello, I installed GNU Octave from Trisquel Package Manager.

I see it's version 4.0.0 of 2015 while the current updated stable release is 5.1.0.

I would use this current release (to extend the use of the additional packages).

Is it correct and safe to install this latest stable release with these following Ubuntu-like commands ?
sudo apt-add-repository ppa:octave/stable
sudo apt-get update
sudo apt-get install octave

Christian

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

The commands are OK, although I would replace 'apt-get' by 'apt': a nicer output and less characters to type.

The risk with PPA repositories is that they can make you install proprietary software, or even malware, along an apparently trifling update: you have to trust whoever administrates the PPA.

jules_verne
Offline
Joined: 01/02/2017

Study the ppa a little bit... Spend some time reading in formations about it and see is any of the listed packages are proprietary of malicious... Its a good practice.
Give it enough time and it might become a habit... A healthy one.

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

The software in a deb repository is compiled. You would not notice a (present or future) malicious modification of it (e.g., a backdoor). In the related deb-src repository, there is the source code. However, as far as I understand, nothing guarantees that the compiled packages are built from these sources. If you want to build from the source, why not taking it from the upstream developers?

To be clear: I am not claiming the “GNU Octave” team on Launchpad is not trustworthy. I am just pointing out that you need to trust this additional actor if you go for the convenience of the PPA (in particular the automatic updates), rather than whatever the upstream developers distribute. Often times, upstream developers administrate the PPA. It does not seem to be the case here.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> In
> the related deb-src repository, there is the source code. However, as
> far as I understand, nothing guarantees that the compiled packages are
> built from these sources.

The source packages are uploaded to Launchpad, which are then built on
Launchpad's servers, so the party to trust or distrust on this
particular point is Canonical.

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

Thank you for the information. I did know know that. That greatly diminishes the potential for malware that I was imagining: it would not be hidden (a 'diff' with the upstream code would reveal it).

strypey
Offline
Joined: 05/14/2015

Does this apply to all PPAs then or just a subset that are hosted on Launchpad?

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> Does this apply to all PPAs then or just a subset that are hosted on
> Launchpad?

Aren't all PPAs hosted on Launchpad? The command to add a PPA is

$ sudo add-apt-repository ppa:name/ppa

where "name" is a Launchpad user. "PPA" seems to just be a name for the
personal repositories that Launchpad hosts.

You can have an independent apt repository (like jxself has for
linux-libre) which would not be hosted on Launchpad and so would not be
built on Launchpad's servers.

nadebula.1984
Offline
Joined: 05/01/2018

The latest GNU Octave 5.1.0 is still in Debian's experimental repository. You can try to download this package from Debian's mirrors. But I'm afraid that you'll need to update the dependencies first.